Via Errata Security -
Yup. After waiting a day to get the darn thing activated, we found a bug within a few minutes. We are cheating, of course, it's just the same bug we found earlier on Safari. Also, our Bluetooth fuzzer locks up the device, so that's an interesting sign. (As we've said in the past, we'll disclose all our bugs to Apple when they publish acceptable vuln handling guidelines).
The thing that interests us most, though, is that we think the iPhone is inherently more secure than competing smartphones (such as those based on Windows Mobile or Symbian). While Apple is slightly behind Windows on the desktop/server (that Samba bug still appears to be unfixed), it's still light years ahead of the mobile vendors. The mobile market is completely screwed up right now: while carriers know about the widespread vulnerabilities in their phones, the carriers are unwilling to patch them.
-----------------------------
Via Engadget Blog -
No use on non AT&T networks, A2DP, MMS, chat app, 3rd party programs, widgets, extended codec support, etc.? No problem -- maybe. It looks like the iPhone's system restore image has already shown up online; it might be a while before anyone can deconstruct this thing into meaningful, moddable bits (and perhaps even longer before modded iPhone ROMs can be flashed to users' devices -- everything looks pretty well encrypted at this point), but hacking device software always starts at the same place: a firmware image.
No comments:
Post a Comment